Encryption of data at rest

jcurrent · 28 May 2025 21:49

Hi!

I am reading a lot of encryption of data in motion with mTLS, but I am trying to figure out if Confluent server provides support for encryption of data at rest.
Some resources indicate that this has to be done at OS-level by encrypting the disk. (https://youtu.be/nhw6J9N6UIg?t=306)

However, some resources seem to indicate that this feature exists (Manage security in Confluent Platform | Confluent Documentation)

Does Confluent Server provide this feature? or perhaps even E2E-encryption?

if not: are there any best practices regarding encryption at rest with for example LUKS?

/J

mmuehlbeyer · 2 June 2025 18:20

hey @jcurrent

afaik there is no feature for encryption of data at rest buil-in in confluent server.

you could encrypt the volumes where your kafka data resides (with LUKS as you mentioned)

confluent cloud data is encrypted by default

let me know if you further insights

best,
michael

Topic		Replies	Views
Encryption at Rest? Confluent Cloud	1	3379	20 September 2021
✍️ Protecting Data Integrity in Confluent Cloud: Over 8 Trillion Messages Per Day News and Blogs	0	3149	30 July 2021
Secure your Cloud-Native Apache Kafka System—an Introduction to Confluent Cloud Security Confluent Cloud	0	3072	10 November 2022
✍️ An Introduction to Apache Kafka Security: Securing Real-Time Data Streams News and Blogs	0	2673	19 August 2022
Securing Kafka Connect Pipelines with Client-Side Field-Level Cryptography [Kafka Summit 2022] Summit	0	3699	24 April 2022

Encryption of data at rest

Related topics